Do Not Bring Your Own Surface

Windows RT devices, such as Microsoft's initial Surface, lack the manageability features available in business versions of Windows or the forthcoming Windows 8-based Surface Pro. The solution for such devices so far, as with the iPad, iPhone and other BYOD devices, has been MDM (Mobile Device Management). But while Microsoft says it's coming real soon now, the company has yet to document an MDM API for Windows RT devices. Unless you're using certain Microsoft products, they are unmanageable for

The only way mobile devices on a company network have been tolerable to IT is the existence of some level of management tools, mainly MDM (Mobile Device Management). MDM was created by RIM for its BlackBerry devices, cloned by Apple for iPhones, and now there are likely over 100 companies all over the world cloning the same basic set of APIs. Some version of them work on everything  except Microsoft's Surface and other Windows RT devices.

The full version of Windows 8, which runs on Intel CPU-based devices like Microsoft's forthcoming Surface Pro, doesn't really need MDM, although it may eventually be available for it. Since it runs Windows 8, it has all the Active Directory-based management facilities that are available for Windows desktops and notebooks, including the incredibly powerful Group Policy Objects. In terms of capability, these make MDM and the newer generation of EMM (Enterprise Mobility Management) tools look like the primitive toys that they are.

Right now, if an employee comes to work and tries to do the BYOD thing with his new Surface RT, the only way you can centrally manage it is with Microsoft tools: System Center 2012 or a Microsoft service called Intune. There's an API in there, but Microsoft has not yet published it or disclosed it to other MDM vendors.

These other MDM vendors are anxious to have the API. Some of them, including SOTI and Zenprise, have promised support for Microsoft's MDM for Surface.

Microsoft has said that Windows RT MDM will be based on the Windows Phone 8 MDM API and agent, which have been released and documented, but it won't be exactly the same. I haven't read anything about whether the API will be supported on real Windows 8 devices, like Surface Pro; technically it's not necessary, but if an organization is using Intel-based Windows 8 tablets in the same way as iPads, they may want to manage them in the same way. At this point, nobody  for all I know, not even Microsoft  knows whether the company will provide such support.

Not everything about the rollout of Windows 8/RT/Surface has been smooth and well-planned, and the MDM picture is one of the more important, but less-publicized ones.

Are people using Surface in your organization? What is IT doing about it? Share your experiences in a comment below.

Among 688 respondents, 46% have deployed mobile apps, with an additional 24% planning to in the next year. Soon all apps will look like mobile apps – and it's past time for those with no plans to get cracking.